|The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 126.96.36.199, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.
|CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
|DSA-1787-1, DSA-1794-1, DSA-1800-1
The information below is based on the following data on fixed versions.
All Debian kernels set CONFIG_SHMEM, so this is moot except
for locally modified configs and even for that I fail to
see why anyone would run a kernel w/o CONFIG_SHMEM?